Meta Faces Huge Fines After Potential Data Security Breaches

Meta, Facebook’s parent company, faces a record £1bn (€1.2bn) fine from Ireland’s Data Protection Commission (DPC) for violating GDPR. The penalty, resulting from a challenge by privacy advocate Max Schrems, requires Meta to suspend EU-to-US data transfers, with a five-month implementation period.

Additionally, the DPC demands a six-month halt to the “unlawful processing” of already transferred EU data in the US, necessitating removal from Facebook servers. Meta, planning to appeal, claims unfair targeting and vows to seek a stay on the data transfer order.

The DPC cites Meta’s use of standard contractual clauses (SCCs) as insufficient safeguards, as per a 2020 European Court of Justice ruling. The ruling doesn’t affect Instagram and WhatsApp data transfers. Meta warns of potential disruptions in EU services without SCCs or alternatives. Despite a promised grace period, the company’s recent quarterly results hint at service limitations in Europe.

Meta’s net income reached $23.2bn last year; shares rose 2.2%, valuing the company at over $640bn. The DPC decision follows a disagreement with other EU regulators, prompting the European Data Protection Board to intervene. Legal experts suggest an appeal might not fully overturn the decision, emphasizing the US government’s access to EU personal data under national security. The fine aims to deter businesses from mishandling international data transfers. The UK’s Information Commissioner’s Office acknowledges the decision, intending to review details in due course.

Shopping Basket